DO YOU LOVE FISHING “PHISHING” ? OR Global Wealth Management Group MORGAN STANLEY & SMITH BARNEY...


WHAT IS PHISHING?

Global Wealth Management Group, MORGAN STANLEY & SMITH BARNEY

• A term used to describe fraudulent attempts to steal an individual’s identity through e-mail

VISA

• Also called brand spoofing

• The creation of e-mail messages and Web pages that are the replicas of the existing, legitimate websites and businesses for the purpose of committing fraud.

English Oxford Dictionary

• The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.


HOW DOES PHISHING HAPPEN?

SCENARIO 1

Users are sent an unsolicited e-mail appearing to be from a legitimate company.

The e-mail claims that a billing error or account problem has occurred OR that the user’s information needs to be updated or validated.

Users are asked to follow instructions that will take them to a Web site that appears to be legitimate.

While at the site, users are asked to update personal and financial information by completing an online form.

The form requests a variety of information such as credit card numbers, account numbers, passwords, date of birth, driver’s license number and social insurance numbers.

Users respond to the request because the site looks authentic, and are thereby fooled into disclosing their financial and personal information to criminals.

Criminals then use the information to purchase goods and services, obtain credit, or commit identity theft.


HOW DOES PHISHING HAPPEN?

SCENARIO 2

The user receives a pop-up reward message.

The user enters personal and financial details to retrieve the reward.

Phishers receive the user’s personal and financial information.

The user does not get the reward but finds out that their account OR identity has been used for some other matters.

YOU HAVE BEEN PHISHED!

THANK YOU FOR YOUR GENEROSITY…


HOW TO DETECT SUSPICIOUS WEB SITES???

The yellow lock does not appear anywhere on the screen.

Fake request for an “alternative password”

Inappropriate request for personal information

The pictures in the Web site are hyperlinked to unidentified addresses

Threatening words to get user’s attention to disclose personal/financial information

Web addresses are longer than usual.

The Web address starts with “http://”
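
Several of the signs listed above (address scheme, address length, hyperlinked pictures, requests for personal data, threatening wording) can be checked mechanically. The following is an added example, not part of the original slides; the 75-character cut-off, the phrase and field-name lists, the `audit_page` name and the sample page are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_URL_LEN = 75  # assumed cut-off for "longer than usual"
THREATS = ("suspended", "immediately", "within 24 hours")      # assumed phrases
SENSITIVE = ("password", "card", "account", "birth", "licen")  # assumed field names

class PageScan(HTMLParser):
    """Collects image-link targets, input field names and visible text."""
    def __init__(self):
        super().__init__()
        self.href, self.image_links, self.fields, self.text = None, [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")            # remember the enclosing link
        elif tag == "img" and self.href:
            self.image_links.append(self.href)   # picture that is itself a link
        elif tag == "input":
            self.fields.append((a.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

    def handle_data(self, data):
        self.text.append(data.lower())

def audit_page(page_url, html, expected_host):
    """Return which of the slide's warning signs this page trips."""
    scan = PageScan()
    scan.feed(html)
    body = " ".join(scan.text)
    checks = {
        "not-https": urlparse(page_url).scheme != "https",
        "long-url": len(page_url) > MAX_URL_LEN,
        # Relative links have no hostname and count as on-site.
        "image-links-offsite": any(urlparse(h).hostname not in (None, expected_host)
                                   for h in scan.image_links),
        "asks-sensitive-data": any(s in f for f in scan.fields for s in SENSITIVE),
        "threatening-wording": any(t in body for t in THREATS),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample page (reserved example domains and addresses only).
SAMPLE_URL = "http://bank.example.verify-login.example.net/secure/update/account/confirm.php?session=0001"
SAMPLE_HTML = """<p>Your account will be suspended unless you act immediately.</p>
<a href="http://203.0.113.9/x"><img src="logo.png"></a>
<form><input name="card_number"><input name="alt_password"></form>"""
print(audit_page(SAMPLE_URL, SAMPLE_HTML, "bank.example"))
```

These are heuristics: a legitimate page can trip one of them, and an `https` address on its own does not show that a site is genuine, so the result is a prompt for closer inspection rather than a verdict.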


~ TYPES OF PHISHING ~

PHARMING: Through Spoofed Websites / Emails

SMISHING: Through Short Messaging Service (SMS)

VISHING: Through Voice IP (Phone calls)


HOW TO PREVENT FROM BEING “PHISHED”?

1. Be cautious with spam received through emails.
~ Especially from unrecognized senders
~ Asking for personal information
~ Stating a sense of urgency to respond; threatening possible consequences if you do not act immediately
~ Requesting you to click on a link, download files or open attachments

2. Protect your computer with a firewall, spam filters, antivirus, and anti-spyware software.
~ Install the latest software and constantly update it

3. Regularly check your bank account, credit and debit card statements
~ Keep track of your transactions
~ Easy to detect irregularities

4. Give personal information only through secured websites.
~ ‘Lock’ icon on the browser bar
~ ‘https’ URL instead of ‘http’
~ Type the full URL address of the website yourself instead of using search

5. Contact the related company or bank to enquire if in doubt.
~ Regarding any emails, SMS, phone calls received asking for personal information


Examples of phishing cases

1. Maybank2u.com became a victim of phishing culprits in 2008.

- Notification sent through the fake Maybank website and emails sent to victims.

- Lures victims to the fake internet banking site from the link given in the email and notification notice.

- Unsuspecting victims enter their personal information to log in.

2. Apple was attacked by phishers in 2011.

- Customers receive emails purportedly from Apple.

- Aimed at tricking customers into revealing their AppleID Billing Information.

- Well-crafted scam with unusually well-written and grammatically correct sentences and an authentic-looking website.

- Victims are directed to the fake link given in the e-mail.


REFERENCES

- Morgan Stanley and Smith Barney, http://www.smithbarney.com/security_emailfraud.html

- Bloggers.com, Tech Guide, http://techno-guideforall.blogspot.com/2011/06/how-to-protect-yourself-from-phishing.html

- Visa, http://www.visa.ca/en/personal/pdfs/brand_spoofing.pdf

- Identity Theft Killer, Prevent Identity Theft in 5 Minutes, http://www.identitytheftkiller.com/prevent-phishing-scams.php

- infosec ISLAND, 10 ways to prevent phishing, Wednesday, May 19, 2010, http://www.infosecisland.com/blogview/4070-10-Ways-To-Prevent-Phishing.html

- PHISHING.ORG, How to prevent phishing scams, http://www.phishing.org/scams/prevent-phishing/

- Maybank Phishing Scam E-mails in Malaysia, http://www.shaolintiger.com/2009/03/23/maybank-phishing-scam-e-mails-in-malaysia/

- TG Daily, Massive phishing scam targets Apple users, Emma Woollacott, http://www.tgdaily.com/security-features/60451-massive-phishing-scam-targets-apple-users

- New phishing scam targets Apple users, George Wong, http://www.ubergizmo.com/2011/12/new-phishing-scam-targets-apple-users/

- Saturday Party, Walter and Simon, Dance mood by Nitro Album.

- Google images


Together as 1 Malaysia, let us unite as one to curb phishing!
